X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=util-testing%2Forg%2Fcacert%2Fgigi%2Futil%2FSimpleSigner.java;h=f2b97d7bcd958380088ebf432372f2e9eef36a62;hp=296eb99e5bb73a9f3c88697bc206b24d7e7bbacb;hb=cdea5a0765ccb868dc3f37d7e7a1b7cae357dfc6;hpb=08f417851b48202af9f3a9b6254ac4d1c18262cb
diff --git a/util-testing/org/cacert/gigi/util/SimpleSigner.java b/util-testing/org/cacert/gigi/util/SimpleSigner.java
index 296eb99e..f2b97d7b 100644
--- a/util-testing/org/cacert/gigi/util/SimpleSigner.java
+++ b/util-testing/org/cacert/gigi/util/SimpleSigner.java
@@ -28,6 +28,7 @@ import java.text.SimpleDateFormat;
 import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -126,14 +127,14 @@ public class SimpleSigner {
         readyCerts = new GigiPreparedStatement("SELECT certs.id AS id, certs.csr_name, jobs.id AS jobid, csr_type, md, `executeFrom`, `executeTo`, profile FROM jobs " + //
                 "INNER JOIN certs ON certs.id=jobs.`targetId` " + //
                 "INNER JOIN profiles ON profiles.id=certs.profile " + //
-                "WHERE jobs.state='open' "//
-                + "AND task='sign'");
+                "WHERE jobs.state='open' " + //
+                "AND task='sign'");
         getSANSs = new GigiPreparedStatement("SELECT contents, type FROM `subjectAlternativeNames` " + //
                 "WHERE `certId`=?");
         updateMail = new GigiPreparedStatement("UPDATE certs SET crt_name=?," + " created=NOW(), serial=?, caid=? WHERE id=?");
-        warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=IF(warning<3, 'open','error') WHERE id=?");
+        warnMail = new GigiPreparedStatement("UPDATE jobs SET warning=warning+1, state=CASE WHEN warning<3 THEN 'open'::`jobState` ELSE 'error'::`jobState` END WHERE id=?");
         revoke = new GigiPreparedStatement("SELECT certs.id, certs.csr_name,jobs.id FROM jobs INNER JOIN certs ON jobs.`targetId`=certs.id" + " WHERE jobs.state='open' AND task='revoke'");
         revokeCompleted = new GigiPreparedStatement("UPDATE certs SET revoked=NOW() WHERE id=?");
@@ -152,6 +153,17 @@ public class SimpleSigner {
         runner.start();
     }
+    public static void ping() {
+        synchronized (SimpleSigner.class) {
+            SimpleSigner.class.notifyAll();
+            try {
+                SimpleSigner.class.wait(2000);
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
     private synchronized static void work() {
         try {
             gencrl();
@@ -166,6 +178,7 @@ public class SimpleSigner {
             signCertificates();
             revokeCertificates();
+            SimpleSigner.class.notifyAll();
             SimpleSigner.class.wait(5000);
         } catch (IOException e) {
             e.printStackTrace();
@@ -199,7 +212,8 @@ public class SimpleSigner {
             return;
         }
         String[] call = new String[] {
-                "openssl", "ca",//
+                "openssl",
+                "ca",//
                 "-cert", "../unassured.crt",//
                 "-keyfile",
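Review bot: The new ping() swallows the thread's interrupt status in its `catch (InterruptedException e)` block, printing the trace and returning as if the wait had completed; restore it with `Thread.currentThread().interrupt();` before leaving the catch. The unconditional `wait(2000)` also returns on timeout or a spurious wakeup, so a caller cannot tell whether a signing pass actually ran. That limitation deserves a Javadoc on the method, e.g. `/** Wakes the signer thread and blocks for at most 2 s; returns with no guarantee that a signing pass completed. */`.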
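Review bot: The `SimpleSigner.class.notifyAll()` added before `wait(5000)` is only reached when signCertificates() and revokeCertificates() return normally; on the `catch (IOException e)` path visible just below (and presumably the other catches of work(), which continue outside the hunk) nothing is notified, so a ping() caller silently waits its full timeout and cannot distinguish a failed pass from a slow one. Consider releasing waiters regardless of outcome, e.g. `try { signCertificates(); revokeCertificates(); } finally { SimpleSigner.class.notifyAll(); }`, keeping the `wait(5000)` after it. work() begins and ends outside this hunk.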
@@ -219,8 +233,6 @@ public class SimpleSigner {
         }
     }
-    private static int counter = 0;
-
     private static void signCertificates() throws SQLException {
         GigiResultSet rs = readyCerts.executeQuery();
@@ -282,7 +294,6 @@ public class SimpleSigner {
             try (FileInputStream inStream = new FileInputStream("signer/profiles/" + s)) {
                 caP.load(inStream);
             }
-            String ca = caP.getProperty("ca") + "_2015_1";
             HashMap subj = new HashMap<>();
             try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT name, value FROM `certAvas` WHERE `certId`=?")) {
@@ -317,7 +328,24 @@ public class SimpleSigner {
                 PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data, "UTF-8")));
                 pk = p10.getSubjectPublicKeyInfo();
             }
-            PrivateKey i = loadOpensslKey(new File("signer/ca/" + ca + "/ca.key"));
+            Calendar cal = GregorianCalendar.getInstance();
+            String ca = caP.getProperty("ca") + "_" + cal.get(Calendar.YEAR) + (cal.get(Calendar.MONTH) >= 6 ? "_2" : "_1");
+            File parent = new File("signer/ca");
+            File[] caFiles = parent.listFiles();
+            if (null == caFiles) {
+                caFiles = new File[0];
+            }
+            if ( !new File(parent, ca).exists()) {
+                System.out.println("CA " + ca + " not found. Searching for anything other remotely fitting.");
+                for (File f : caFiles) {
+                    if (f.getName().startsWith(caP.getProperty("ca"))) {
+                        ca = f.getName();
+                        break;
+                    }
+                }
+            }
+            File caKey = new File(parent, ca + "/ca.key");
+            PrivateKey i = loadOpensslKey(caKey);
             X509Certificate root = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream("signer/ca/" + ca + "/ca.crt"));
             byte[] cert = generateCert(pk, i, subj, root.getSubjectX500Principal(), altnames, fromDate, toDate, Digest.valueOf(rs.getString("md").toUpperCase()), caP.getProperty("eku"));
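Review bot: The fallback in the new CA-directory lookup signs with whatever `signer/ca` entry is listed first whose name merely starts with the profile's `ca` value, and when nothing matches it carries on with the non-existent computed name so the failure only surfaces later as an open error on `ca.key`; `File.listFiles()` order is unspecified, so the key actually used can differ between runs, and a bare `startsWith` would also accept a sibling CA such as `assured2` for `assured` (presumably the layout is `<ca>_<year>_<half>`). It would be safer to match on `caName + "_"`, sort the candidates, and fail explicitly when nothing fits, as sketched below (`Arrays.sort` needs `java.util.Arrays`). If the `ca` property is missing, the computed name becomes `null_<year>_<half>` and `startsWith(null)` throws NullPointerException, so read the property once and check it. `Calendar.MONTH` is zero-based, so `>= 6` means July onward — worth a comment, since a reader may expect June. The enclosing signCertificates() loop starts and ends outside this hunk.
```java
            Calendar cal = GregorianCalendar.getInstance();
            String caName = caP.getProperty("ca");
            if (caName == null) {
                throw new Error("profile " + s + " has no 'ca' property");
            }
            // Calendar.MONTH is zero-based: 6 is July, so the year splits into Jan-Jun (_1) and Jul-Dec (_2).
            String ca = caName + "_" + cal.get(Calendar.YEAR) + (cal.get(Calendar.MONTH) >= 6 ? "_2" : "_1");
            File parent = new File("signer/ca");
            if ( !new File(parent, ca).exists()) {
                File[] caFiles = parent.listFiles();
                if (caFiles == null) {
                    caFiles = new File[0];
                }
                Arrays.sort(caFiles); // listFiles() order is unspecified; make the fallback deterministic
                String fallback = null;
                for (File f : caFiles) {
                    if (f.isDirectory() && f.getName().startsWith(caName + "_")) {
                        fallback = f.getName();
                        break;
                    }
                }
                if (fallback == null) {
                    throw new Error("no CA directory for " + caName + " under " + parent + " (wanted " + ca + ")");
                }
                System.out.println("CA " + ca + " not found, falling back to " + fallback);
                ca = fallback;
            }
            File caKey = new File(parent, ca + "/ca.key");
            PrivateKey i = loadOpensslKey(caKey);
            // … unchanged: root certificate load and generateCert call …
```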
@@ -476,7 +504,7 @@ public class SimpleSigner {
     private static byte[] generateKU() throws IOException {
         try (DerOutputStream dos = new DerOutputStream()) {
             dos.putBitString(new byte[] {
-                (byte) 0b10101000
+                    (byte) 0b10101000
             });
             return dos.toByteArray();
         }
@@ -484,35 +512,37 @@ public class SimpleSigner {
     private static byte[] generateEKU(String eku) throws IOException {
-        DerOutputStream dos = new DerOutputStream();
-        for (String name : eku.split(",")) {
-            ObjectIdentifier oid;
-            switch (name) {
-            case "serverAuth":
-                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.1");
-                break;
-            case "clientAuth":
-                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.2");
-                break;
-            case "codeSigning":
-                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.3");
-                break;
-            case "emailProtection":
-                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.4");
-                break;
-            case "OCSPSigning":
-                oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.9");
-                break;
-
-            default:
-                throw new Error(name);
+        try (DerOutputStream dos = new DerOutputStream()) {
+            for (String name : eku.split(",")) {
+                name = name.trim();
+                ObjectIdentifier oid;
+                switch (name) {
+                case "serverAuth":
+                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.1");
+                    break;
+                case "clientAuth":
+                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.2");
+                    break;
+                case "codeSigning":
+                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.3");
+                    break;
+                case "emailProtection":
+                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.4");
+                    break;
+                case "OCSPSigning":
+                    oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.9");
+                    break;
+
+                default:
+                    throw new Error(name);
+                }
+                dos.putOID(oid);
             }
-            dos.putOID(oid);
+            byte[] data = dos.toByteArray();
+            dos.reset();
+            dos.write(DerValue.tag_Sequence, data);
+            return dos.toByteArray();
         }
-        byte[] data = dos.toByteArray();
-        dos.reset();
-        dos.write(DerValue.tag_Sequence, data);
-        return dos.toByteArray();
     }
     public static X500Name genX500Name(Map subj) throws IOException {
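Review bot: An unknown or empty EKU name still ends in `throw new Error(name)` in the rewritten generateEKU; `Error` is reserved for JVM-level failures and slips past any `catch (Exception e)` further up, and since `"".split(",")` yields one empty element, an empty `eku` string lands in that branch too with an empty message. Prefer `throw new IllegalArgumentException("unknown extended key usage: " + name);` and document the accepted input, e.g. `/** Encodes a comma-separated list of serverAuth, clientAuth, codeSigning, emailProtection or OCSPSigning as a DER SEQUENCE of EKU OIDs; whitespace around names is ignored, an empty list is rejected. */`. A null `eku` still fails with NullPointerException at `split`; whether the caller's `caP.getProperty("eku")` can be null depends on the profile files, which are not visible here.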